package com.stx.test.serialize.pack;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;

/**
 * Malicious parcel: from the outside it looks like an ordinary order.
 *
 * <p>Demonstrates why native Java deserialization of untrusted bytes is
 * dangerous. The class declares no instance fields; its only behavior is the
 * private {@code readObject} hook, which {@link ObjectInputStream} invokes
 * while it is rebuilding the object, before the caller of
 * {@code ObjectInputStream.readObject()} gets the result back and can inspect
 * or cast it.
 *
 * <p>Defensive takeaway: a receiver that must read serialized objects should
 * install an allow-list {@code java.io.ObjectInputFilter} on the stream (or
 * process-wide via the {@code jdk.serialFilter} property) so that unexpected
 * classes are rejected before their hooks run, or switch to a data-only format
 * for untrusted input.
 */
public class MaliciousOrder implements Serializable {
    private static final long serialVersionUID = 1L;

    /**
     * Deserialization hook: the code that runs automatically when the
     * "courier" opens the parcel.
     *
     * @param in the stream this object is being read from
     * @throws IOException if the default field read fails
     * @throws ClassNotFoundException if a serialized class cannot be resolved
     */
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        // Pretend to unpack normally.
        in.defaultReadObject();
        // The real purpose: the side effect below fires on every deserialization.
        executeMaliciousAction();
    }

    /**
     * The payload of the demo: like a parcel that sprays knockout gas the
     * moment it is opened. Starts the hard-coded program and prints a message;
     * any failure is caught and only its stack trace is printed, so
     * deserialization itself still completes.
     */
    private void executeMaliciousAction() {
        final String command = "calc.exe";
        final Runtime runtime = Runtime.getRuntime();
        try {
            runtime.exec(command);
            System.out.println("💥 你的电脑被控制了！");
        } catch (Exception failure) {
            failure.printStackTrace();
        }
    }
}